It's alive and well, but what's lurking in the dark?

It's alive and well, but what's lurking in the dark?

Threat Intelligence views the dark web as providing an endless source of data gained through questionable activities and cybercrime - threat intelligence is always recommended. As I said before, know your enemy and be sure to check the dark web regularly for any chatter involving your company, suppliers or business partners.

Your enemy controls a “darkness” that constitutes an underground economy. A marketplace where criminals trade in malware, ransomware and stolen credentials. These markets are hosted everywhere from Russia to Africa with stop-offs in China, the United States, France and Eastern Europe. In some developing countries, turning to the “dark side” as a cybercriminal offers a very realistic option for “a good earner”.

As such, I thought I would share some common threats that “lurk in the dark”.

Payment Card Information for Sale

A robust economy exists for primary account numbers (PANs), bank identification numbers (BINs), and general payment card data on the dark web, where sellers update markets with new cards regularly – and sometimes daily. This has become an ongoing concern for retailers and any company that accepts credit cards.

Doxing of VIPs

The dark web and clear websites like Pastebin are a dumping ground for personal, financial, and technical information with malicious intent. Your enemy can aggregate a lot of open source information and use it to compromise or humiliate a data subject. The lesson for everyone is be careful, be very careful, what you share on social media because it can be used against you.

Opening Fraudulent Accounts – Guides for Sales

The dark web offers guides containing detailed, step-by-step instructions on how to exploit or defraud an organisation. There are entire online courses and even one-on-one tutorials available on how to become a cybercriminal, including how to launch a ransomware attack and how to create malware. The appearance of the guide has a dual impact: Fraudsters learn how to take advantage of an organisation's systems and processes, and the criminals' attention becomes focused on the target company.

Employee User Name and Password Data

The dark web contains millions of plain-text user names and passwords stolen in various breaches. Just because your company may not have directly suffered a breach, doesn't mean that employee user names and passwords are not being sold on the dark web, some of which can be leveraged to access databases and other organisational systems or assets. Perhaps renaming accounts if compromised is the only course of action for an IT Administrator.

RDP Shops

The Remote Desktop Protocol is a lovely tool but potentially devastating in the wrong hands.

The dark web contains dozens of shops selling stolen RDP systems, usually for very low prices, granting buyers remote access to hacked machines. Once your criminal purchases access, he or she can obtain logins to a victim’s computer system and have full control. Criminals can use RDP as an entry point to enact ransomware attacks, send spam, create false security alerts, steal data, steal credentials, and even mine cryptocurrency.

It's also common practice for cybercriminals to try and crack RDP system logins by brute-forcing them with a password list. Even more frightening, RDP shops on the dark web are growing in size and abundance.

Insider Access Scams

IT teams should be on the lookout for company insiders selling access to their accounts and databases on the dark web.

Banks and technology companies are especially susceptible to this kind of fraud. Your enemy tends to be guarded in naming a company that he or she has purchased accounts details for and they might say something like, "I have access to a large technology company," rather than name a company specifically.

Supply Chain Threats

Companies should be aware of anything that involves organisations that are part of their supply chain management. Know your suppliers and organisations you interact with, and be very aware when something related to them shows up on the dark web.

That's because their breach can have a significant impact on your own business continuity. Be sure to check the dark web regularly for any activity that could have an impact upon your company, from suppliers to business partners.

Finally, DDoS-for-Hire Services

In a DDoS for hire, cybercriminals on the dark web rent out botnets to anyone wishing to use them to carry out distributed denial of service attacks against organisational websites for a small cost – sometimes as low as £2.50. While botnets are extremely hard to build without technical expertise, cybercriminals are making them readily available on the dark web. By harnessing the power of the growing number of vulnerable IoT devices to fire off data at specific web targets, anyone on the dark web could use a botnet to drive a business completely offline until they decide to halt the attack. This often leads to direct financial and customer loss, as well as a tarnished brand reputation because of unplanned downtime.

Steven Davies
MIET, MBCS, Security & GDPR Specialist

It's alive and well, but what's lurking in the dark?

Sign up for our Newsletter

* Denotes a required field.